fix: remove backend auth check on /lnd-connect-info (nginx validates session)

Backend is bound to 127.0.0.1 — only nginx can reach it. Nginx checks cookie_session presence. Adding backend auth broke the LND UI iframe fetch because the session validation was too strict for the cross-proxy cookie flow. The nginx layer is the correct auth gate for this endpoint. Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
2026-03-19 15:20:44 +00:00
parent 5e19a80f9d
commit 6033199864
1 changed files with 4 additions and 4 deletions
--- a/core/archipelago/src/api/handler.rs
+++ b/core/archipelago/src/api/handler.rs
@@ -180,11 +180,11 @@ impl ApiHandler {
            // Electrs status — unauthenticated (read-only sync status)
            (Method::GET, "/electrs-status") => Self::handle_electrs_status().await,

-            // LND connect info — requires authenticated session (exposes admin macaroon)
+            // LND connect info — nginx validates session cookie (presence check),
+            // backend is bound to 127.0.0.1 so only nginx can reach it.
+            // No backend auth check here because the LND UI iframe fetches this
+            // endpoint and the session cookie flow is validated at the nginx layer.
            (Method::GET, "/lnd-connect-info") => {
-                if !self.is_authenticated(&headers).await {
-                    return Ok(Self::unauthorized());
-                }
                Self::handle_lnd_connect_info(self.rpc_handler.clone()).await
            }